
Commit cdebce4

committed
x509storeissuer: add support for gernerated nonces
Signed-off-by: Eugene Syromiatnikov <[email protected]>
1 parent e33e32b commit cdebce4


1 file changed

+33
-1
lines changed


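--- a/source/x509storeissuer.c
+++ b/source/x509storeissuer.c
@@ -53,6 +53,7 @@ enum verbosity {
 };
 
 enum nonce_type {
+NONCE_GENERATED,
 NONCE_PATH,
 };
 
@@ -457,6 +458,31 @@ gen_certificates(const size_t num_keys, EVP_PKEY * const * const keys,
 return true;
 }
 
+static X509 *
+gen_nonce(struct nonce_cfg *cfg)
+{
+X509 *x509_nonce = X509_new();
+X509_NAME *x509_name_nonce = NULL;
+
+if (!x509_nonce)
+errx(EXIT_FAILURE, "Error creating X509 nonce object");
+
+x509_name_nonce = X509_NAME_new();
+if (!x509_name_nonce)
+errx(EXIT_FAILURE, "Error creating X509 name nonce object");
+
+if (!X509_NAME_add_entry_by_txt(x509_name_nonce, "CN", MBSTRING_ASC,
+(unsigned char *) "Test NC CA", -1, -1, 0))
+errx(EXIT_FAILURE, "Error setting X509 name nonce");
+
+if (!X509_set_issuer_name(x509_nonce, x509_name_nonce))
+errx(EXIT_FAILURE, "Error setting X509 nonce name");
+
+X509_NAME_free(x509_name_nonce);
+
+return x509_nonce;
+}
+
 static X509 *
 load_cert_from_file(const char *path)
 {
@@ -533,6 +559,8 @@ static X509 *
 make_nonce(struct nonce_cfg *cfg)
 {
 switch (cfg->type) {
+case NONCE_GENERATED:
+return gen_nonce(cfg);
 case NONCE_PATH:
 return load_nonce_from_path(cfg);
 default:
@@ -896,6 +924,7 @@ usage(char * const argv[])
 "\t-K\tAlgorithm and key size of the generated keys.\n"
 "\t\tDefault: " KEY_ALGO "\n"
 "\t-n\tNonce configuration, supported options:\n"
+"\t\t\tgen - generated\n"
 "\t\t\tfile:PATH - load nonce certificate from PATH;\n"
 "\t\t\tif PATH is relative, the provided certsdir's are searched.\n"
 "\t\tDefault: " NONCE_CFG "\n"
@@ -931,9 +960,12 @@ parse_timeout(const char * const optarg)
 static void
 parse_nonce_cfg(const char * const optarg, struct nonce_cfg *cfg)
 {
+static const char gen[] = "gen";
 static const char file_pfx[] = "file:";
 
-if (strncmp(optarg, file_pfx, sizeof(file_pfx) - 1) == 0) {
+if (strncmp(optarg, gen, sizeof(gen)) == 0) {
+cfg->type = NONCE_GENERATED;
+} else if (strncmp(optarg, file_pfx, sizeof(file_pfx) - 1) == 0) {
 cfg->type = NONCE_PATH;
 cfg->path = optarg + sizeof(file_pfx) - 1;
 } else {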
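Review bot: In parse_nonce_cfg the new `strncmp(optarg, gen, sizeof(gen))` also compares the terminating NUL, so it is an exact match, while the `file:` test beside it uses `sizeof(file_pfx) - 1` for a prefix match; the asymmetry reads like a forgotten `- 1`. Writing it as `strcmp(optarg, gen) == 0`, or adding `/* sizeof includes the NUL: exact match, not a prefix */`, would make the intent visible. Separately, gen_nonce never reads its `cfg` argument and, in the visible lines, returns an X509 with only the issuer name set (no subject, serial, validity, key or signature). A short header comment saying that this is deliberate and that the caller owns the returned pointer would help. parse_nonce_cfg continues past the end of the hunk.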
